[Git][security-tracker-team/security-tracker][master] 2 commits: Add CVE-2021-4115/policykit-1
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Feb 14 18:43:18 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
5ebfb06a by Salvatore Bonaccorso at 2022-02-14T19:33:18+01:00
Add CVE-2021-4115/policykit-1
- - - - -
d358e4ec by Salvatore Bonaccorso at 2022-02-14T19:42:42+01:00
postpone intel-microcode, the update should first be exposed in upper suites
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -12926,8 +12926,10 @@ CVE-2021-4117 (yetiforcecrm is vulnerable to Business Logic Errors ...)
NOT-FOR-US: yetiforcecrm
CVE-2021-4116 (yetiforcecrm is vulnerable to Improper Neutralization of Input During ...)
NOT-FOR-US: yetiforcecrm
-CVE-2021-4115
+CVE-2021-4115 [file descriptor leak allows an unprivileged user to cause a crash]
RESERVED
+ - policykit-1 <unfixed>
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2007534
CVE-2021-4114
REJECTED
CVE-2021-4113
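Review bot: The new `- policykit-1 <unfixed>` entry for CVE-2021-4115 carries only the Red Hat Bugzilla NOTE, so nothing in the entry identifies an upstream fix against which package versions can be checked. Once an upstream commit or fixed release is known, add it as a further NOTE line. The bracketed description added on the CVE line also says "cause a crash" without naming what crashes; naming the affected component there would make the entry readable on its own.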
@@ -46405,6 +46407,8 @@ CVE-2021-33121
RESERVED
CVE-2021-33120 (Out of bounds read under complex microarchitectural condition in memor ...)
- intel-microcode <unfixed>
+ [bullseye] - intel-microcode <postponed> (Wait until exposed in unstable; tendency to point release)
+ [buster] - intel-microcode <postponed> (Wait until exposed in unstable; tendency point release)
NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00589.html
CVE-2021-33119 (Improper access control in the Intel(R) RealSense(TM) DCM before versi ...)
NOT-FOR-US: Intel
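Review bot: The added `[buster]` line for CVE-2021-33120 reads "tendency point release" while the `[bullseye]` line directly above it reads "tendency to point release"; the "to" is missing. Use the same reason text for both suites, i.e. `[buster] - intel-microcode <postponed> (Wait until exposed in unstable; tendency to point release)`. The same difference appears in every `[buster]` line this commit adds.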
@@ -91988,10 +91992,14 @@ CVE-2021-0147 (Improper locking in the Power Management Controller (PMC) for som
TODO: check
CVE-2021-0146 (Hardware allows activation of test or debug logic at runtime for some ...)
- intel-microcode <unfixed>
+ [bullseye] - intel-microcode <postponed> (Wait until exposed in unstable; tendency to point release)
+ [buster] - intel-microcode <postponed> (Wait until exposed in unstable; tendency point release)
NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00528.html
NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20220207
CVE-2021-0145 (Improper initialization of shared resources in some Intel(R) Processor ...)
- intel-microcode <unfixed>
+ [bullseye] - intel-microcode <postponed> (Wait until exposed in unstable; tendency to point release)
+ [buster] - intel-microcode <postponed> (Wait until exposed in unstable; tendency point release)
NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00561.html
NOTE: https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/fast-store-forwarding-predictor.html
CVE-2021-0144 (Insecure default variable initialization for the Intel BSSA DFT featur ...)
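Review bot: CVE-2021-0145 is postponed with the same reason as CVE-2021-0146 in this hunk, but unlike CVE-2021-0146 it has no NOTE pointing at the microcode-20220207 release, so the entry does not record which upstream release the postponed update is waiting on. If that release also covers CVE-2021-0145, add the same NOTE line under it.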
@@ -92036,6 +92044,8 @@ CVE-2021-0128
RESERVED
CVE-2021-0127 (Insufficient control flow management in some Intel(R) Processors may a ...)
- intel-microcode <unfixed>
+ [bullseye] - intel-microcode <postponed> (Wait until exposed in unstable; tendency to point release)
+ [buster] - intel-microcode <postponed> (Wait until exposed in unstable; tendency point release)
NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00532.html
NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20220207
CVE-2021-0126
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/a56642a5c91f49b49721f4b4716a11fd7fa2cb23...d358e4ec2cb6d2c6f94b2355a6f95d8b8e4341da